Members associated with the Anonymous movement have launched DDoS attacks against several North Carolina government online portals as a method of protest against the recent House Bill 2 (HB2) that includes several clauses perceived as anti-LGBT.

The attacks took place over the weekend and were aimed at the main North Carolina government portal and the website of North Carolina Governor Pat McCrory.

The group’s Twitter account (@OperationLGBT) said these attacks will continue until the state changes the HB2 law, also known as the Bathroom Bill.

North Carolina passed a controversial version of this law this past March, one that prevents transgender people from using bathrooms corresponding to the gender with which they identify.

Furthermore, the new HB2 law, applicable statewide, also includes various provisions that nullify local ordinances around the state that provided some sort of protection for the LGBT community, like the ones regulating the use of public accommodations.

The LGBT community protested around the world and the US, and at one point, adult site xHamster blocked access to their service for North Carolina residents, but not before tweeting that both gay and transgender content is actually very popular in the state.

Contacted via Twitter, the hackers behind this campaign told Softpedia that they’re very happy with the support they received from the public for their campaign.





Anonymous Launches DDoS Attacks on Banks in “Op Icarus”

Headlines have been dominated this week by the Anonymous campaign of DDoS attacks against financial institutions all over the world. Named “Op Icarus” in honor of the character from Greek mythology, the campaign seeks to punish what Anonymous views as “corrupt” banks and individuals in the financial sector.

As we all know, distributed denial of service (DDoS) attacks can strike any industry or any organization at any time and without warning. Hacktivism like that carried out by Anonymous and their base of dedicated hackers often involves the use of DDoS attacks, since they provide quick results at low cost, and with minimal risk of compromising the identities of the perpetrators. What’s more, the service downtime they bring about can cause damage to the tune of six-figure sums, so it’s an ideal part of the toolkit for the hacktivist – a fact that is bolstered by people diversifying the techniques behind DDoS attacks.

Distributed denial of service attacks have been a threat to service availability for more than a decade. However, these DDoS attacks have become increasingly sophisticated and multi-vector in nature, overcoming traditional defense mechanisms or reactive countermeasures. These pointed attack campaigns continue to reinforce a growing need for DDoS attack mitigation solutions that can properly defeat attacks at the network edge, and ensure the accessibility required for the financial institutions to maintain business operations in the face of an attack.

While the impact on the individual targets of the “Op Icarus” DDoS campaign is unclear, obstructing or eliminating the availability of email servers is significant. In an online world any type of service outage is barely tolerated, especially in the banking industry, where transactions and communications are often time-sensitive and account security is of utmost importance.

Until distributed denial of service attacks are effectively mitigated as a norm, we can expect hacker communities such as Anonymous to continue gaining notoriety as they bring services down, take websites offline and cause havoc on the internet in pursuit of their goals. 2016 has been a tough year for finance in regard to their cybersecurity, with the massive cyber heist of the Bangladesh Bank as well as the Qatar National Bank data leak having taken place already. It’s safe to say that banks across the globe need maximum security not only for their safes and vaults, but also for their networks. Regardless of the motivations for these attacks, financial firms must be proactive in their defenses.


Chinese hackers prowling Taiwan’s systems: Chang

China’s attempts to hack Taiwanese databases did not halt regardless of the state of cross-strait relations in the past eight years, as Beijing epitomizes Sun Tzu’s (孫子) maxim in the Art of War (孫子兵法): “Know your enemy,” Premier Simon Chang (張善政) said in an exclusive report published by the Liberty Times (the Taipei Times’ sister paper).

Taiwan’s information security systems found traces of Chinese hackers every time a cross-strait negotiation event occurred over the past eight years, primarily in the systems of the Ministry of Economic Affairs, Premier Simon Chang (張善政) said.

“Chinese cyberattacks have not been deterred by the calming of cross-strait relations as Beijing wishes to know what we are doing and our modes of thought, especially during negotiations,” he said.

The information obtained might not be used during the actual negotiation, but officials might be completely unaware that their limits or strategies are already known by China, Chang added.

While saying that the Chinese probably do not have access to Taiwan’s policies and decisions on the draft cross-strait service trade accords and the draft cross-strait goods trade accords, Chang said that there is no way of being absolutely certain.

The policies of the incoming government might discourage Chinese hackers if it has no plans to negotiate or interact with China, but the attacks could come in a different form, Chang said.

Chang said that cyberattacks come in two forms — one in which Web sites crash or suffer a denial of service or distributed denial of service (DDoS) attack, and the other in which backdoors are opened into Web sites that allow hackers to steal sensitive information.

An index on Chinese hacking activity would depend on whether Taiwan’s Web sites are attacked openly — such as the Presidential Office’s Web site displaying the People’s Republic of China (PRC) national flag — which might indicate that more subtle hacking is also in progress, Chang said.

China’s efforts at bypassing Taiwan’s firewalls are mostly custom-designed and are extremely hard to detect, Chang said, adding that over the years, Taiwan has uncovered many different methods that are being noticed by other nations.

Chang said that after his dealings with information security, he does not harbor impractical illusions toward China and is of the mind that it is, for the most part, unfriendly toward Taiwan.

Chang said he counts the abolition of regulations on the establishment of the information security center as one of the greatest regrets during his term as premier, adding that the incoming government should seek to retain these regulations and staff.

He said that the staff at the center were the most experienced in dealing with Chinese hackers and they would be of invaluable service to the nation.

When asked whether Taiwan should be on alert in terms of corporations and the Chinese market, Chang said Taiwanese companies are even more concerned than the government over their goods or technologies slipping out of their fingers, adding that all the government had to do was hear what the companies and corporations are saying.

Chang also said that it is highly likely that Taiwanese Web sites would be targeted over the recent World Health Assembly issue, as China might be “afraid that we would say things we should not.”



Student shuts down 444 school websites to ‘remind teachers they are incompetent’


On May 11, police filed obstruction of business charges against a 16-year-old student, alleging that he launched a denial-of-service (DoS) attack against the Osaka Board of Education’s server, which hosts the webpages of 444 elementary, junior high, and high schools in the area.

Although in high school now, at the time of the attacks last November, the student was in junior high school. According to police, he said his own school environment is what motivated his actions.

“I hate how the teachers talk down to us and never let us express ourselves. So, I thought I would remind them of their own incompetence. It felt good to see them have problems. I did it several times,” the boy said.

Police seized the student’s computer and some books about hacking. It is believed that he downloaded a tool which sent large volumes of data to the Board of Education servers, rendering access impossible for periods of about an hour. He would then confirm the take-down by monitoring the websites with his smartphone.

He also told police that he had wanted to join the hacking group Anonymous and that he didn’t know schools other than his own would be affected in the attack. Both statements are ironic in that, as a minor, his identity remains anonymous and apparently he turned out to be a little incompetent himself when it came to hacking.

This incident would mark the first time in the history of Japan that a cyberattack was launched against a local government, and punishments for such a crime include a maximum three-year prison sentence or a 500,000 yen fine.

However, considering the student is a minor and the number of people actually affected (i.e. people who wanted to access a school website during those times) was likely in the high single digits at most, he ought to get off lightly.

Source: Sankei West News



DDoS attacks Explained

DDoS is short for Distributed Denial of Service.

DDoS is a type of DoS attack in which multiple compromised systems, often infected with a Trojan, are used to target a single system, causing a Denial of Service (DoS). Victims of a DDoS attack include both the targeted system and all of the systems maliciously used and controlled by the attacker in the distributed attack.

How DDoS Attacks Work

According to this report on eSecurityPlanet, in a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; plus, it is very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin.

The Difference Between DoS and DDoS Attacks

A Denial of Service (DoS) attack is different from a DDoS attack. The DoS attack typically uses one computer and one Internet connection to flood a targeted system or resource. The DDoS attack uses multiple computers and Internet connections to flood the targeted resource. DDoS attacks are often global attacks, distributed via botnets.

Types of DDoS Attacks

There are many types of DDoS attacks. Common attacks include the following:

  • Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICMP packets to the target. Legitimate requests get lost, and these attacks may be accompanied by malware exploitation.
  • Bandwidth attacks: This DDoS attack overloads the target with massive amounts of junk data. This results in a loss of network bandwidth and equipment resources and can lead to a complete denial of service.
  • Application attacks: Application-layer data messages can deplete resources in the application layer, leaving the target’s system services unavailable.
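As an added example of the DoS-versus-DDoS distinction drawn above (this is not code from the article or from any source it quotes), the script below buckets web-server requests into fixed windows and reports whether a burst comes from one address, which a single block rule would stop, or is spread across many addresses, where blocking individual IPs does not help. The log lines, addresses (RFC 5737 documentation ranges) and thresholds are all constructed for the illustration.

```python
"""Classify request bursts in web-server logs as single-source or distributed.

Added example, not from the original article. The sample log is constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Simplified common-log-format line: ip ident user [timestamp] "request" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def analyze(lines, window_seconds=10, total_threshold=50, per_ip_threshold=20):
    """Group requests into fixed windows and label each window.

    normal              : total requests below total_threshold
    single-source flood : one IP alone exceeds per_ip_threshold (DoS); block it
    distributed flood   : load is high but no single IP stands out (DDoS);
                          per-IP blocking cannot remove the load
    """
    buckets = defaultdict(Counter)
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue  # skip malformed lines instead of aborting the analysis
        bucket = int(ev["ts"].timestamp()) // window_seconds
        buckets[bucket][ev["ip"]] += 1

    results = []
    for bucket in sorted(buckets):
        per_ip = buckets[bucket]
        total = sum(per_ip.values())
        top_ip, top_count = per_ip.most_common(1)[0]
        if total < total_threshold:
            verdict, block = "normal", None
        elif top_count >= per_ip_threshold:
            verdict, block = "single-source flood", top_ip
        else:
            verdict, block = "distributed flood", None
        results.append({
            "window_start": bucket * window_seconds,  # epoch seconds
            "total": total,
            "distinct_ips": len(per_ip),
            "top_ip": top_ip,
            "top_count": top_count,
            "verdict": verdict,
            "block_candidate": block,
        })
    return results


def make_sample_log():
    """Constructed sample covering three 10-second windows (not real traffic)."""
    def line(ip, second, path="/index.html"):
        return f'{ip} - - [05/May/2016:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200'

    lines = []
    # window 0: ordinary browsing, five requests from three clients
    for i, ip in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.10", "192.0.2.12", "192.0.2.11"]):
        lines.append(line(ip, i))
    # window 1: a single client sends 60 requests (DoS: one address to block)
    for i in range(60):
        lines.append(line("203.0.113.7", 10 + i % 10, "/login"))
    # window 2: 60 different clients send one request each (DDoS: nothing to block)
    for i in range(60):
        lines.append(line(f"198.51.100.{i + 1}", 20 + i % 10, "/login"))
    return lines


if __name__ == "__main__":
    for r in analyze(make_sample_log()):
        print(f"{r['verdict']:20} total={r['total']:3} distinct={r['distinct_ips']:3} "
              f"top={r['top_ip']} ({r['top_count']}) block={r['block_candidate']}")
```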


Commercial Bank of Ceylon website hit by hack attack

The Sri Lanka-based Commercial Bank of Ceylon has released a statement admitting that a “hacking attack” on its website resulted in a successful intrusion – however, it maintained that no customer data has been compromised.

The bank, which released a statement in the wake of major cyberattacks targeting the Bangladesh central bank and an unnamed firm in Vietnam, claimed to have successfully defended itself and said its systems have now been fully restored.

A notice posted to the bank’s website confirmed: “There was a hacking attack on our website and the bank took immediate corrective steps. Our systems are fully secure and operational. The hacking attack was also immediately communicated to the relevant authorities.

“We confirm that no sensitive customer data or valuable passwords were lost due to this intrusion. We are taking every measure to protect the privacy of our customers and have engaged external parties to review all our systems to ensure that no vulnerabilities exist.”

The statement did not elaborate on when the so-called ‘intrusion’ took place or exactly which computer systems were targeted by hackers. The breach notification notice has been pinned to the front page of the website. IBTimes UK contacted the bank for additional comment but had received no response at the time of publication.

Indeed, a hacking group recently posted what purported to be information from a Sri Lanka-based Commercial Bank online, as reported by Bank Info Security. The leaked files allegedly included 158,276 files in 22,901 folders and featured annual reports, application forms, financial statements, PHP files, web development backups and other documents from the bank’s corporate front-end website. Based on analysis of this data dump, no customer data appeared to be present and security researchers concluded the data was old. The links to the data dump have since been removed from the web.

The news comes after similar disclosures from the Qatar National Bank (QNB). As previously reported, hackers released data that included names, addresses, credit card data and National ID numbers of QNB customers – alongside more suspicious information that was labelled as belonging to Al-Jazeera journalists, the Al-Thani Royal Family and even members of the country’s security services.

Additionally, the Ceylon cyberattack has emerged as the hacking collective Anonymous continues to launch cyberattacks against a slew of financial institutions as part of ‘Op Icarus’. It remains unclear whether the Sri Lanka incident was the result of a distributed-denial-of-service (DDoS)-style assault, an SQL injection tool, or whether the attacker was using more sophisticated methods.

A global cyber-scheme

Making matters more complicated, in recent weeks a number of banks have been targeted by hackers with darker motives. The Commercial Bank statement comes after it was confirmed a bank in Vietnam successfully foiled a cyberattack that attempted to compromise sensitive data via the Swift secure messaging service – which is used by over 11,000 financial institutions to send messages and large sums of money across the globe.

The firm in question, Hanoi-based Tien Phong Bank, revealed that in the fourth quarter of last year it identified suspicious requests sent through fraudulent messages on the ‘Swift’ platform that was trying to transfer more than $1m. Tien Phong was quick to stress the attack did not cause any loss of information and that its connection to Swift was not compromised.

However, the Bangladesh central bank, which was attacked in February, was not so lucky. As previously reported, hackers were able to steal roughly $81m (£56m) from its account at the Federal Reserve Bank of New York and then transfer the funds to various bank accounts located in the Philippines.

For its part, Swift recently released a statement acknowledging “a small number of recent cases of fraud.” It said: “First and foremost we would like to reassure you again that the Swift network, core messaging services and software have not been compromised.

“The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both.”

Meanwhile, BAE Systems has released an in-depth report claiming the malware used in these previous attacks was similar in design to that used in the cyberattack against Sony Pictures in 2014.



Anonymous hacktivist group DDoSes nine more banks in OpIcarus campaign to protest against corruption

The hacktivist collective Anonymous has launched a 30-day operation called OpIcarus against “all central banks” and major financial institutions, claiming that it will be one of the biggest attacks in its history. The hacktivist group, which has collaborated with fellow hackers Ghost Squad Attackers, is targeting bank websites worldwide.

It started with the Bank of Greece, whose website Anonymous successfully brought down. However, a Bank of Greece official said: “The attack lasted for a few minutes and was successfully tackled by the bank’s security systems. The only thing that was affected by the denial-of-service attack was our website.”

The hacking collective has no structured organization and members take part in different operations whenever they like. According to a YouTube video, Anonymous said that its attack on banks is an extension of Operation Icarus, a campaign the collective previously launched against Wall Street. It’s now bringing it back over the next month.
In a later video, Anonymous extended its proposed targets to include “MasterCard and Visa, Bank for International Settlements, all central banks, the IMF and the London Stock Exchange and every major banking system.”

“Our message is clear. We will not let the banks win. We will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous,” the group said.

Originating in 2003, Anonymous adopted the Guy Fawkes mask as its symbol for online hacking. In a statement to, the cyber attackers said:

“This is just the beginning. We won’t stop until all focus is back on the banks where it belongs and all ‘too big to jail’ institutions are held accountable for their crimes.

“Now that we are uniting our groups, it will only be a matter of time before the whole international banking cartel who are responsible for worldwide economic terrorism, can expect to expect us.”

The banks that have been attacked recently under OpIcarus include the Central Bank of Cyprus, the Central Bank of New Zealand, the Central Bank of Montenegro, the Central Bank of France and the Guernsey Financial Services Commission.

The hacktivists have posted online how-to instructions, targets, dates and downloadable tools to carry out the attacks in an effort to get as many people as possible behind the campaign. DDoSing seems to be the method of choice; in the simplest terms, it overloads a website with traffic so that it seizes up and shuts down.

The last 12 months have seen two thirds of large British businesses suffer a cyberattack or breach.

Outcomes from the Cyber Security Breaches Survey, undertaken by Ipsos Mori for the Government, show a quarter of large firms experiencing a cyber breach did so at least once a month.

As a result, businesses are now being urged to better protect themselves.

Digital Economy Minister Ed Vaizey said: “The UK is a world-leading digital economy and this Government has made cyber security a top priority.

“Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks. It’s absolutely crucial businesses are secure and can protect data.”

It was also disclosed that seven out of 10 attacks on all firms involved viruses, spyware or malware that could have been averted, and that only a fifth of businesses have a clear view of the dangers of sharing information with third parties.

The Government has pledged to invest £1.9 billion over the next five years to confront and prevent the crime, as well as to set up a new National Cyber Security Centre that will provide security support.

Steve Jewell, cyber security expert and technical director at S-IA, a company that provides software used against cyber-attacks by Government departments including the Treasury and the Ministry of Defence, said the danger from cyber attackers continues to grow.

Mr Jewell said: “The threat is growing, the threat is evolving. You need to make sure you get the best out of your protection and don’t just rely on the technology.

“It’s also about the people that use it and their training.

“In terms of organised crime, it is still on the increase but there are things companies can do to combat these threats.

“There are holes in people’s security.

“It’s an ever-evolving threat and no-one that stands still and thinks they have something that is protecting them, it is a question of how many days that will last until something circumvents it.”


Healthcare Suffers Estimated $6.2 Billion In Data Breaches

Nearly 90 percent of healthcare organizations were slammed by a breach in the past two years.

The 911 call has come in loud and clear for the healthcare industry: nearly 90% of all healthcare organizations suffered at least one data breach in the past two years with an average cost of $2.2 million per hack.

Despite heightened awareness and concern among the healthcare industry over its ability to thwart cybercrime, insider mistakes, and ransomware attacks, healthcare budgets for security have either dropped or remained the same in the past year, according to the newly released Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data by the Ponemon Institute. Some 10% of budgets have declined, and more than half have remained static, and most believe they don’t have the budget to properly protect data.

The Ponemon report, commissioned by ID Experts, estimates that data breaches cost the healthcare industry some $6.2 billion, as some 79% of healthcare organizations say they were hit with two or more data breaches in the past two years, and 45%, more than five breaches. Most of those exposed fewer than 500 data records, and thus don’t get reported to the US Department of Health and Human Services nor are revealed to the media. Ponemon surveyed 91 healthcare organizations, mainly healthcare providers, and 84 healthcare business partner organizations, including pharmaceutical companies, IT and service providers, and medical device makers, and broke down the findings accordingly.

Healthcare’s security woes have been well-documented over the past year. Even before the infamous recent wave of ransomware attacks on hospitals, there were plenty of red flags that healthcare was a ripe target for cybercrime, and even cyber espionage: there were massive breaches at Anthem and other insurers, as well as UCLA Health and earlier this year, 21st Century Oncology. A study last year by Raytheon and Websense found that healthcare organizations are twice as likely to suffer a data breach than those in other industries. And according to Trend Micro’s analysis of Privacy Rights Clearinghouse data, healthcare organizations suffered more breaches than any other industry sector between 1995 and 2005 — with some 27% of all breaches.

Not surprisingly, healthcare organizations also have been failing in their application security programs and practices as well. According to the Building Security In Maturity Model (BSIMM) study published in October, BSIMM6, healthcare organizations scored much lower than their counterparts in the financial services, independent software vendor, and consumer electronics industries, when it comes to securing their applications.

The most commonly exposed data in healthcare breaches are medical records, followed by billing and insurance records, and payment information. Some 64% of attacks targeted medical files and billing and insurance records, up from 45%. Nearly 40% of healthcare organizations and 26% of their business partners say they know of medical identity theft incidents affecting their patients and customers, but 64% of healthcare organizations don’t offer credit protection services for victims, and 67% of business partners don’t have procedures in place to correct errors in medical records — a gap that could be life-threatening in the case of an identity thief using a patient’s medical information for fraudulent purposes, the Ponemon report notes.

“There seems to be increasing awareness that medical identity theft is one of the results” of attacks, says Rick Kam, president and co-founder of ID Experts. “What’s bad is that healthcare organizations aren’t putting in the resources to help those [issues]. Medical identity theft includes a patient’s prescriptions, diagnosis, blood type” and other information that if compromised could risk a patient’s health or life, he says.

Cybercrime-based attacks remain the number one cause of data breaches, and they were up 5% to 50% this year, the report says. The rest were rooted in insider woes: 41% via a lost or stolen device and 36% via an “unintentional” employee act. Around 13% cite a malicious insider attack.

While respondents were surveyed last year prior to the big ransomware attacks on hospitals, ransomware was top of mind. Distributed denial-of-service (DDoS) attacks are the biggest worry of healthcare organizations (48%), followed by ransomware (44%), malware (41%), phishing (32%), advanced persistent threats (16%), rogue software (11%), and password attacks (8%).

Meanwhile, healthcare organizations are well aware they lack cybersecurity staff and talent to keep up with cyber threats. ID Experts’ Kam says there are some 20,000 vacant data security positions open in the healthcare sector, which exacerbates the problem of flat budgets and rising breaches.

The talent resource issue was echoed late last year by Jim Routh, chief information security officer at Aetna Global Security and chairman of the NH-ISAC, the healthcare industry’s threat information-sharing exchange. Routh, whose firm was one of the 10 healthcare firms to participate in the BSIMM6 study on software security, noted that healthcare firms typically lack security staff and resources, despite a growing awareness of the importance of software security programs.



Anonymous to Strike World Banks, Targets Bank of Greece First

The Anonymous hacker collective has declared the revival of its 2011 campaign, Operation Icarus, which launched an onslaught of attacks against Wall Street banks. It has now targeted the servers of Greece’s central bank, which the bank recently confirmed. The attack forced the bank’s website offline on Tuesday; it remained offline for some minutes.

A central bank official, in an interview with Reuters, said the assault lasted some minutes but was handled successfully by the bank’s security systems. The denial-of-service (DoS) attack affected only the bank’s website.

During 2011, Anonymous’ Operation Icarus made headlines when it attacked banks on Wall Street. In a YouTube video, the collective announces the approaching fall of Olympus. It says it declared the revival of Icarus some days earlier and has effectively shut down the Bank of Greece’s website, adding that the attack marks the beginning of a 30-day onslaught on central bank websites worldwide.

The attack campaign targeted the Greek central bank first. Representatives of the bank said the outage lasted no more than a few minutes and that they were keeping watch over the bank’s website; however, the following day a fresh series of attacks hit the bank, disabling the website for at least six hours.

Nonetheless, the collective plans to fry an even bigger fish, as it states in the YouTube video and in a series of statements posted on the Internet. posted this online dated May 4, 2016.

The Anonymous hacktivist group indicated that it felt it necessary to strike right at the heart of the banking empire by repeating its tactic of going after the system; this time, however, the group faces a far more prominent target – the worldwide financial system. That target, it stated, is the Bank of England and the New York Stock Exchange.

Notably, the hacktivist collective is no longer as effective in disrupting targets as it was during its peak time in the Arab Spring of 2010.



Anonymous Threatens Bank DDoS Disruptions

After earlier this year declaring “total war” against U.S. Republican presidential candidate Donald Trump, the hacktivist group Anonymous is now threatening global banks with 30 days of distributed denial-of-service attack disruptions.

As a preview, on May 2, the group claimed to have disrupted the website of Greece’s central bank. “Olympus will fall. A few days ago we declared the revival of Operation Icarus. Today we have continuously taken down the website of the Bank of Greece,” the group said in the video posted on YouTube and delivered in the classic Anonymous style via a disembodied, computerized voice.

“This marks the start of a 30-day campaign against central bank sites across the world,” it adds. “Global banking cartel, you’ve probably expected us.”

Of course, banks have previously been targeted en masse by DDoS attackers. Beginning in 2012, for example, attacks waged by a group calling itself the “Izz ad-Din al-Qassam Cyber Fighters” continued to disrupt U.S. banks’ websites as part of what it called “Operation Ababil.” In March, the Justice Department unsealed indictments against seven Iranians – allegedly working on behalf of the Iranian government – accusing them of having waged those attacks. Regardless of who was involved, it’s unclear if Anonymous could bring similar DDoS capabilities to bear for its Operation Icarus.

A Central Bank of Greece official, who declined to be named, confirmed the May 2 DDoS disruption to Reuters, though said the effect was minimal. “The attack lasted for a few minutes and was successfully tackled by the bank’s security systems. The only thing that was affected by the denial-of-service attack was our website,” the official said. Greek banks have been previously targeted by DDoS extortionists, demanding bitcoins.

“It would have been better if no disruption occurred, but it is good that the attack – if that is what caused the disruption – was handled so quickly,” says information security expert Brian Honan, who’s a cybersecurity expert to the EU’s law enforcement intelligence agency, Europol.

A “World Banking Cartel Master Target List” published by Anonymous to text-sharing site Pastebin early this month lists the U.S. Federal Reserve, as well as Fed banks in Atlanta, Boston, Chicago, Dallas, Minneapolis, New York, Philadelphia, Richmond and St. Louis. Also on the target list are websites for the International Monetary Fund, the World Bank as well as 158 central banks’ websites. In a related video missive issued March 31, Anonymous urged its members to “take your weapons and aim them at the New York Stock Exchange and Bank of England,” promising that “this is the operation to end all others.”

The planned Anonymous operation follows elements of the collective earlier this year declaring “total war” against Trump, and on April 1 temporarily disrupting several of Trump’s websites, The Hill reports. Since then, of course, Trump has become the only Republican presidential candidate left standing after his massive win in this week’s Indiana primary.

Banks: Beware DDoS Threats

While the Anonymous bark doesn’t always equal its bite, in the wake of this alert, “banks in the United Kingdom, United States and Latin America should be very prepared” against potential attacks, says Carl Herberger, vice president of security for DDoS-mitigation and security firm Radware.

“In the same vein as someone yelling ‘bomb’ at an airport or fire at a movie theater, cyber-attack threats – whether idle or not – are not to be taken lightly,” he says, although he adds that the number of threatened DDoS attacks outweighs the quantity of actual attacks.

Herberger says in light of the new threat, all banks should review their DDoS defense plans, keeping in mind that DDoS attackers do continue to refine their tactics, as seen in the disruption of Geneva-based encrypted email service ProtonMail.

“As the attacks on ProtonMail in November 2015 have demonstrated … attackers change the profile of their attacks frequently and leverage a persistent and advanced tactic of revolving attacks geared to dumbfound detection algorithms,” he says, dubbing such tactics “advanced persistent DoS.”

Maintain a DDoS Defense Plan

Security experts have long recommended that all organizations have a DDoS defense plan in place. The U.K.’s national fraud and cybercrime reporting center, ActionFraud, for example, recently issued the following advice to all organizations:

  • Review: “Put appropriate threat reduction/mitigation measures in place,” tailored to the risk DDoS disruptions would pose to the organization.
  • Hire: If DDoS attacks are a threat, seek professional help. “If you consider that protection is necessary, speak to a DDoS prevention specialist.”
  • Prepare: All organizations should liaise with their ISP in advance of any attack. “Whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits.”

DDoS Extortions Spike

The guidance from ActionFraud, released April 29, also warned that the center has recently seen a spike in DDoS extortion threats from an unnamed “online hacking group” demanding the equivalent of $2,250 to call off their planned attack.

“The group has sent emails demanding payment of 5 bitcoins to be paid by a certain time and date. The email states that this demand will increase by 5 bitcoins for each day that it goes unpaid,” ActionFraud’s alert states. “If their demand is not met, they have threatened to launch a [DDoS] attack against the businesses’ websites and networks, taking them offline until payment is made.”

ActionFraud advises targeted organizations: “Do not pay the demand.” That echoes longstanding advice from law enforcement agencies globally. ActionFraud also urges organizations to keep all copies of DDoS extortion emails – including complete email headers – as well as a complete timeline for the threats and any attacks, and to immediately report threats or attacks to authorities.

Investigators say that keeping complete records – including packet-capture logs – is essential for helping to identify perpetrators. Or as ActionFraud advises: “Keep a timeline of events and save server logs, web logs, email logs, any packet capture, network graphs, reports, etc.”

Masquerading as Armada Collective?

CloudFlare, a DDoS mitigation firm, reports that related attacks began in March and have been carried out under the banner of Armada Collective, as well as potentially Lizard Squad, although it’s not clear if those groups are actually involved.

It’s also unclear if the threatened DDoS disruptions have ever materialized. “We’ve been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack,” CloudFlare CEO Matthew Prince says in a blog post. “In fact, because the extortion emails reuse bitcoin addresses, there’s no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments.”